An application creates hashes of each file on an attached storage device. Which
of the following will typically occur during this process? - ANSWER An
increase in the amount of time it takes for the system to respond to requests
You have been assigned to configure a DMZ that uses multiple firewall
components. Specifically, you must configure a router that will authoritatively
monitor and, if necessary, block traffic. This device will be the last one that
inspects traffic before it passes to the internal network. Which term best
describes this device? - ANSWER Choke router
A distributed denial-of-service (DDOS) attack has occurred where both ICMP
and TCP packets have crashed the company's Web server. Which of the
following techniques will best help reduce the severity of this attack? -
ANSWER Filtering traffic at the firewall
Which of the following is considered to be the most secure default firewall
policy, yet usually causes the most work from an administrative perspective? -
ANSWER Blocking all access by default, then allowing only necessary
connections
Which of the following is most likely to pose a security threat to a Web server?
- ANSWER CGI scripts
What is the first tool needed to create a secure networking environment? -
ANSWER Security policy
Irina has contracted with a company to provide Web design consulting services.
The company has asked her to use several large files available via an HTTP
server. The IT department has provided Irina with user name and password, as
well as the DNA name of the HTTP server. She then used this information to
obtain the files she needs to complete her task using Mozilla Firefox. Which of
the following is a primary risk factor when authenticating with a standard HTTP
, server? - ANSWER HTTP uses cleartext transmission during authentication,
which can lead to a man-in-the-middle attack.
Requests for Web-based resources have become unacceptably slow. You have
been assigned to implement a solution that helps solve this problem. Which of
the following would you recommend? - ANSWER Implement caching on the
network proxy server
You have discovered that the ls, su and ps commands no longer function as
expected. They do not return information in a manner similar to any other Linux
system. Also, the implementation of Tripwire you have installed on this server
is returning new hash values. Which of the following has most likely occurred?
- ANSWER A root kit has been installed on the system.
Which of the following organisations provides regular updates concerning
security breaches and issues? - ANSWER CERT
You have been asked to encrypt a large file using a secure encryption algorithm
so you can send it via email to your supervisor. Encryption speed i important.
The key will not be transmitted across a network. Which form of encryption
should you use? - ANSWER Symmetric
Which of the following is the most likely first step to enable a server to recover
from a denial-of-service attack in which all hard disk data is lost? - ANSWER
Contact the backup service
You purchased a network scanner six months ago. In spite of regularly
conducting scans using this software, you have noticed that attackers have been
able to compromise your servers over the last month. Which of the following is
the most likely explanation for this problem? - ANSWER The network scanner
needs an update.
What is the primary use of hash (one-way) encryption in networking? -
ANSWER Signing files, for data integrity
Which of the following will best help you ensure a database server can
withstand a recently discovered vulnerability? - ANSWER Installing a system
update
of the following will typically occur during this process? - ANSWER An
increase in the amount of time it takes for the system to respond to requests
You have been assigned to configure a DMZ that uses multiple firewall
components. Specifically, you must configure a router that will authoritatively
monitor and, if necessary, block traffic. This device will be the last one that
inspects traffic before it passes to the internal network. Which term best
describes this device? - ANSWER Choke router
A distributed denial-of-service (DDOS) attack has occurred where both ICMP
and TCP packets have crashed the company's Web server. Which of the
following techniques will best help reduce the severity of this attack? -
ANSWER Filtering traffic at the firewall
Which of the following is considered to be the most secure default firewall
policy, yet usually causes the most work from an administrative perspective? -
ANSWER Blocking all access by default, then allowing only necessary
connections
Which of the following is most likely to pose a security threat to a Web server?
- ANSWER CGI scripts
What is the first tool needed to create a secure networking environment? -
ANSWER Security policy
Irina has contracted with a company to provide Web design consulting services.
The company has asked her to use several large files available via an HTTP
server. The IT department has provided Irina with user name and password, as
well as the DNA name of the HTTP server. She then used this information to
obtain the files she needs to complete her task using Mozilla Firefox. Which of
the following is a primary risk factor when authenticating with a standard HTTP
, server? - ANSWER HTTP uses cleartext transmission during authentication,
which can lead to a man-in-the-middle attack.
Requests for Web-based resources have become unacceptably slow. You have
been assigned to implement a solution that helps solve this problem. Which of
the following would you recommend? - ANSWER Implement caching on the
network proxy server
You have discovered that the ls, su and ps commands no longer function as
expected. They do not return information in a manner similar to any other Linux
system. Also, the implementation of Tripwire you have installed on this server
is returning new hash values. Which of the following has most likely occurred?
- ANSWER A root kit has been installed on the system.
Which of the following organisations provides regular updates concerning
security breaches and issues? - ANSWER CERT
You have been asked to encrypt a large file using a secure encryption algorithm
so you can send it via email to your supervisor. Encryption speed i important.
The key will not be transmitted across a network. Which form of encryption
should you use? - ANSWER Symmetric
Which of the following is the most likely first step to enable a server to recover
from a denial-of-service attack in which all hard disk data is lost? - ANSWER
Contact the backup service
You purchased a network scanner six months ago. In spite of regularly
conducting scans using this software, you have noticed that attackers have been
able to compromise your servers over the last month. Which of the following is
the most likely explanation for this problem? - ANSWER The network scanner
needs an update.
What is the primary use of hash (one-way) encryption in networking? -
ANSWER Signing files, for data integrity
Which of the following will best help you ensure a database server can
withstand a recently discovered vulnerability? - ANSWER Installing a system
update
